When it comes to security, developers are saying one thing but doing another, according to a new study from MongoDB.
The survey found while almost all developers (92 percent) and IT decision-makers (88 percent) say they take the necessary steps to secure newly built applications, less than a third (29 percent) actually take full responsibility.
The rest consider it to be a problem for security specialists, business leaders, and ops teams.
So, if they’re not focused on security, what are developers focused on? Software compatibility (38 per cent) and ease of use (36 per cent), it seems.
For Joe Drumgoole, Director of Developer Relations at MongoDB, DevSecOps is a way “to reconcile strong security with speed”.
“There is no security without first having functionality, so the responsibility should be naturally distributed across different organisations. Where companies are at risk is the battle of control and convenience taking place,” adds Drumgoole.
MongoDB’s CISO, Lena Smart, added that DevSecOps is a great way to increase the visibility and better understand how resources are being spent across the enterprise.
“It should become and remain a key part of an organisation’s development strategy,” she concluded.
DevSecOps is considered a natural evolution of DevOps, where security foundations are being built into DevOps initiatives.